MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95
SHA3-384 hash: 7c91b3968c2dbffb02f1248553e6967812fd998d872da678998f986785e79d8875cdfc63a8e1efea8f0aa11a02c59445
SHA1 hash: 202cd53d8e2df8f357da4dddfd7a920817c34cbe
MD5 hash: fd2f7c6f5a15e9bf3da69784b6eb84b0
humanhash: coffee-foxtrot-burger-red
File name:COVID-19 VACCINE.Xlxs.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:147'456 bytes
First seen:2020-03-26 22:14:36 UTC
Last seen:2020-03-26 23:43:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 21344367eb569a860023e13eae5c52cd (1 x GuLoader)
ssdeep 1536:tQjlutYnzgn+sdCHw+mbC8J4PnxbGk2GjyV5vkGEWTl:tvuzjsuw+mm8JIbG1a45vkGEol
Threatray 1'305 similar samples on MalwareBazaar
TLSH 1EE33A33F725C689DD254A700CA4C6B1C4A67C207DA64BC7F361BB5DB8B4A17E9B13A0
Reporter c_APT_ure
Tags:GuLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7649844-0
Create hunting rule

Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
rans.troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/333726
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 14:33:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 30 (83.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2mhu5wmzc6qugu7hzga3kj2zpey4tv2ebzkroo5ujxlkyyyx3kkq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
1b2e0d5dd025f3af551020940f5cb7bfa79ce059f90cb62bafc0c8490f197bc7
GuLoader
50d487621decc715e2b3e349679aba07ecb93d3ee55a3605ec0606d11a05dcd2
GuLoader
8d88c99ff33ecbed42e4185b925f890a616aa0307a559d61595ab67dae6a1a09
GuLoader
a8327d7e2395ea7fb71062275b3a7f24ce586d7ccd0301ed2a1df1699e2d9b9b
GuLoader
aee6f41ba3393811f2980cec1714785039dd6cfcc629b81479fc376f635868c7
GuLoader
bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0
GuLoader
c7c2e3e6dc40ec793635b6f18e44223d8cbf9fb621ee0d5b374b709510fe2d9a
GuLoader
c884dcf4fa00359eeb51ead67cd41d9a68b71f09e3588f03456244eddaa36fa0
GuLoader
e0d0b8ce88eb76ca3cb8339d7f49d2d198b2a51b43949b4ddd23a40889cafcc9
GuLoader
e265bbf3f727ff892423b3e24b5368ab4f694c86334bf68ae62ff20dfd7ce5b6
GuLoader
+ 1'295 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

Executable exe d30f4ed99917a14353e7c981b527597931c9d7440e55173bb44dd6ac6317da95

(this sample)

AgentTesla

Executable exe 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787
  
Dropping
SHA256 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787
  
Dropping
SHA256 85566ab56e9e2e7899311dfd8b3308422026414d9e73af83580522852ac6d787
  
Dropping
MD5 c0249e3cd8a3009d711cafe2df5dd43d

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments